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Abstract 

We consider the problem of finding the number of permutation non- 
equivalent classical irreducible maximal Goppa codes having fixed pa- 
rameters q, n and r from a group theory point of view. 
Keywords: Goppa codes, Linear codes, Permutation groups 

1 Introduction 

The study of classical Goppa codes is important since they are a very large 
class of codes, near to random codes. They are easy to generate and pos- 
sess an interesting algebraic structure. For these reasons they are used in 
McEliece's public key cryptosystem [16] . This cryptosystem is based on the 
difficulty to find a generator matrix of a Goppa code when a "scrambled" 
of it is known. 

In this paper we consider the problem of finding an upper bound for the 
number of permutation non-equivalent irreducible maximal Goppa codes. 
This question was considered by several authors (see for example [6], [2], 
[3], [2], [9]). In Section 3 we briefly recall these approaches. In particular, 
we describe the action of a group FG isomorphic to ATL(l,q n ) on the q n 
columns of a suitable parity-check matrix H a . This induces on maximal 
irreducible Goppa codes the same action which arises from [18] . This action 
does not describe exactly the orbits of Goppa codes, since in some cases the 
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number of permutation non-equivalent Goppa codes is less than the number 
of orbits of FG. The group FG acts faithfully on columns of H a , so that it 
may be seen as a subgroup of the symmetric group S q n . It seems interesting 
to study if there is a proper subgroup of S q n containing FG, acting on the 
set fi of classical irreducible maximal Goppa codes of fixed parameters, and 
giving on $7 exactly the orbits of permutation equivalent codes. In order 
to consider this problem, we analyze the subgroups of S q n containing FG 
and in Section 4 we find that there exists exactly one maximal subgroup 
M, isomorphic to AGL(nm,p) of S q n (A q n) containing FG (q = p m ). This 
suggests that one could consider the action of this M on codes to reach the 
right bound. 

We are grateful to Andrea Caranti, Andrea Lucchini, John A. Ryan and 
Patrick Fitzpatrick for helpful discussions on this subject. 

2 Preliminaries 

In this section we fix some notation and we recall some basic concepts about 
linear codes and in particular about Goppa codes. Our main references are 
for coding theory and [5] for group theory. 

We denote by ¥ q the finite field with q elements, where q = p m is a power 
of a prime p; let N, k, n and r be natural numbers, k < N. We consider 
two extensions of ¥ q , of degree n and nr, F q n and F q nr respectively; F g n[x] 
denotes the polynomial ring over F q n and e is a primitive element of ¥ q n, 
¥* n = (e). We refer to the vector space of dimension N over ¥ q as to (¥ q ) . 

In the following if H is an (N — k) x N matrix with entries in ¥ q and 
rank equal to N — k, the set C of all vectors c € (¥ q ) N such that Hc T = is 
an (N, k) linear code over ¥ q , of length N and dimension k, i.e. a subspace 
of (Fq) of dimension k. The elements of C are called codewords and matrix 
H is a parity-check matrix of C. Any k x N matrix G whose rows form a 
vector basis of C is called a generator matrix of C. 

Definition 2.1. Let E/K be a field extension. A linear code C is called 
a subfield subcode if C is obtained as the restriction to K n of a linear 
subspace L of E n . 

By abuse of notation we call parity-check matrix also a matrix H with 
entries in E such that Hc T = for all c € C. According to this assumption, 
H% and H2 may be parity-check matrices for the same code even if their 
entries are in different extension fields or they have different ranks. 
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Definition 2.2 QllJ). Let C\ and C2 be two linear codes over¥ q of length 
N, let G\ be a generator matrix of C\ . Codes C\ and C2 are permutation 
equivalent provided there is a permutation a E SV of coordinates which 
sends C\ in Cg. Thus C\ and C2 are permutation equivalent provided there 
is a permutation matrix P such that G\P is a generator matrix for Ci- 
They are monomially equivalent provided there is a monomial matrix M 
so that G\M is a generator matrix for C2 and equivalent provided there 
is a monomial matrix M and an automorphism 7 of the field ¥ q so that 
C 2 = CiMj. 

If code C2 is permutation equivalent to C\ with parity-check matrix H\, 
we can obtain a parity-check matrix H2 for C2 by permuting columns of H\ 
(and viceversa). 

Definition 2.3. Let g(x) = J2di xl e ^<? n M an d let L = {e±, £2, ■ ■ £n} 
denote a subset of elements of¥ q n which are not roots of g(x). Then the 
Goppa code Q(L,g) is defined as the set of all vectors c = (ci,C2, . . .,cjv) 
with components in ¥ q which satisfy the condition: 



N 

E 



mod g(x) 



(1) 



Usually, but now always, the set L = {e!,e 2 , . . .,En} is taken to be the 
set of all elements in ¥ q n which are not roots of the Goppa polynomial g(x). 
In this case the Goppa code is said maximal. If the degree of g(x) is r, then 
the Goppa code is called a Goppa code of degree r. It is easy to see (|17|) 
that a parity-check matrix for Q{L,g) is given by 



H 



( 



£1 



V 



9(1:2) 

£2 



fl(ei) 9(^2) 



S(ei) 9 (£2) 



9(sjv) 

_£JV 

9(ejv) 



Note that the code C = ker H is a subspace of (¥ q ™) N and the Goppa code 
Q(L,g) is its subfield subcode on ¥ q . 

Definition 2.4. A Goppa code Q(L,g) is called irreducible if g(x) is irre- 
ducible over ¥ n n . 



In the following by Goppa code we mean maximal irreducible classical 
Goppa code of degree r, so that N = q n . By Definition 12.31 a vector c = 
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(ci, C2, . . ., c q n) € (Fg) 9 " is a codeword of Q(L,g) if and only if it satisfies 
([1]). If q is any root of g(x), a € F g nr, then <7(x) = 111=0 ( x ~~ ofl ni ) and (P) 
is equivalent to the r equations 

E^T = °> 0<j<r-l. (2) 

Hence G(L, g) is completely described by any root a of g(x) and we may 
denote this code by C(a). From (|2|) we easily get a parity-check matrix 
H a £ Moiixgn(F g nr) for C(a) (see [6]): 

Ha = ( i a-ez ' * " *' Q-e„n ) ■ (3) 



It is important to stress that by using parity-check matrix H a to define C(a) 
we implicitly fix an order in L. So, we set 

L = {e,e 2 ,...,ei n - 1 ,e-°°}, 

where £~°° = 0, £j = e l and the matrix H n is 



TT _ ( _±_ 1 1 1 \ 

c « ~ I a-e' a-e^ ' ' ' '' a-1 ' a /• 

We observe that the Goppa code C(a) is the subfield subcode of codes 
having as parity-check matrices both H and H a . Moreover, there exist 
matrices having structure different from H and H a , which are parity-check 
matrices for C. 

We denote by Q = Q(q,n,r) the set of Goppa codes, with fixed param- 
eters q, n, r. 

In the following an action on set S is considered, where S = S(n, r) is 
composed of all elements in ¥ q nr of degree r over ¥ q n . 



3 Three actions on Q 



In this section we briefly present semiaffine actions introduced in [T] and 

igi 

in pj. These actions have degrees and \S\ respectively. Moreover we 
consider an action of the group yirX(l, q n ) on entries of parity-check matrix 
of type H a . This time the degree is q n . 

In pQ, the author works directly on polynomials by studying automor- 
phism groups of several classes of codes. 
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If V G AGL(l,q n ), ip(z) =az + b, o,kF f ,d/0, he defines 

r 

i=o 

The map ^ acts also on set L = ¥ q n , F*„ = (e) , by 

= (s lf) ~\...,(e qn -y~\(e- co f~ 1 ) . 

The code Q(L,g)^ = Q(L^,g^) is said the conjugate of code Q(L,g) by V>- 

Proposition 3.1. fJjj The Goppa codes are invariant by conjugation under 
the affine group AGL(l,q n ), i.e. Q(L,g)^ = Q(L,g) for all tp such that 
ip(z) = az + b,a,b G ¥ q n ,a/0. 

We get 

Corollary 3.2. Goppa codes Q(L,gV) is equivalent to Goppa code Q(L,g). 

Proof. We known that Q(L,g)^ = Q{L^,g^) and from Proposition 13.11 
Q(L,g)^ = Q(L,g). From Definition [272] it follows that Q(L,g^) is equivalent 
to g{L^,g^) = G{L,g) so G(L,g) is equivalent to Q(L,g^). □ 

More generally, if ip G ATL(1, q n ), ip(z) = az qt +b, with a, b G ¥ q n, a ^ 
ant t G {0, . . ., n — 1}, we define 

r 

/(x) = ^ 5i (ax^ + 6) i (4) 
i=0 

Equation ([3]) suggests to consider an action a on P C F g ™ [x] , where P is the 
set of irreducible polynomials of degree r. For 5 G P, g aW is the unique 
polynomial / of degree r such that g(a) = if and only if /(/?) = for 

P = (^) 9 " r ~ t (note g a ^ G P). 

Indeed, if g(x) = ^Loft 1 *! there exist = 1, . . . , r, a, 6 such that 

9i = 9ii vi = 1, • • • , r, a 9 = a, b q = b so that 

i=0 \i=0 / 

It is immediate to recognize that g{a) = 0, for a G S, if and only if /(/?) = 0, 

with (3 = {^r) qnr t G §. 

With similar arguments used for Proposition 13.11 one gets 
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Proposition 3.3. The Goppa codes are invariant by conjugation under the 
semiaffine group ATL(l,q n ), i.e. Q(L,g) = Q(L^,f), where f = G P. 

Corollary 3.4. Goppa codes Q(L,g) is equivalent to Goppa code Q(L,f). 



In [18] the same action on f2 is obtained considering an action on S of 
an "affine" group T = AGL(1, q n ){a), where a is defined as a : x — > x q ; the 
group (a) has order nr. The main result is the following: 

Theorem 3.5. Ji#J / If a, (3 G § are related as it follows 

(3 = Ca ql +t (5) 

for some G F g n, £ ^ 0, i = 1. . .nr, then C{a) is equivalent to C{(3). 

Orbits over § give orbits on Q. 

Fact 3.6. The above actions on § and on P create the same orbits on fL 

Proof. Let a € § be a root of g(x) € P. Let (3 = Ca 9 + C £ §>• There exists an 
irreducible polynomial g\ G F g n[x], such that g\{(3) = 0. From Proposition 
13.31 we get that the orbit a FG = {t((3), t G T}) induces on Q the same orbit 
than 5 T = {t( 5 ),t GT}). □ 

The work in pQ is mainly directed to the study of automorphism group 
of a given code; [18J is deeply interested in counting the number of non- 
equivalent Goppa codes. 

In [18] the exact number of orbits on S is given. Unfortunately, several 
examples are exhibited where the number of orbits T on § is greater than 
the number of non-equivalent Goppa codes. 

We introduce an action on columns of H n 



a—e ' a— e 2 ' ' ' '' a—1 ' a 

which induces the same orbits on f2 than T. We state the results and give 
a sketch of the proofs. For more details see [9J. 

Let us consider the subgroup FG ~ ATL(1, q n ) < S q n in its natural 
action on points of ¥ q n. If ip G FG, then ip{x) = ax ql + b, where a,b G 
F g n, o / and i = l,...,n. Since each entry (column) of H a is uniquely 
determined by an element of F g n, ATL(1, q n ) realizes a permutation of H a 
entries given by: 

1 \ ^ 1 



a — e a 



re- 



writing FG we mean F = AGL(l,q n ) and G the automorphism group of 



¥ q n over ¥ q . 
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The matrices Hp and (H^ are parity-check matrices for the same Goppa 

code C((3). We characterize the permutations mapping H a into (H^ in the 
following proposition. 

Proposition 3.7. Let H a and Hp be parity-check matrices for Goppa codes 
C(a) and C{(3). If there exists a permutation p G S q ™, such that p(H a ) = 
£(Hp) qJ , for some £, f3 G F g n, £ ^ and j = 1, . . .,nr, then p G FG. 

Proof. We consider 

p(H a ) = K= (^3^T' ^3^> • • • ' a _ e V-i' ~ 
where ij = p(j) and matrix ((Hp) qJ : 

s ;//;)'' ( c c c c 



/3<? J - £9 J - £ 2ql fit? _ 1 ^ 

I3i -e l i ~ a-eH 



Suppose C = 1 and j = 1 so that Vi G {1, 2, . . ., q n } we have - 1 



and then a - f3 q = e k - e tq . 

If a — (3 q = 0, p is the permutation induced by the Frobenius map cr, 
since e*' = £* 9 ; it follows that 

( tq if, = 1,2,. ..,,»-! 
[ — oo it i = — oo 

and p = a. 

If a — /3 9 ^ 0, as above a — (3 q G F g « so that a — (3 q = e k for some 
k £ {1, . . .,q n — 1} and then permutation /? G FG; explicitly it acts as: 

P(t) = 



it=tq + f k (s) ift = l,2,...,q n -l 
it = k if t = — oo 

where it is such that e n = e tq + e k , and /fc(e) is a function depending on 
representation of F q n . 

If C G F*„, C / 1 and j = 1, then Q = e l for some / G {1, • • • , q n - 2}. 
With same arguments used in the previous step, we get 

(a - (e k =(3 q - e tq => (e k =(a-(3 q + e tq => e k = a - C~ l P q + e tq ~ l . 

Again a - C" 1 /? 9 G ¥ q n- then there is h G {1, . . .,q n } so that e k = £ h + e tq ~ l , 
and 

{t)= { it = tq-l + f h (e) ifi = l,2,..., g "-l 
1 it = /i if t = — oo 
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where e %t = s tq ~ l + e h and /^(e) depending on the representation of ¥ q n. 
Concluding p = t^Pq-ict; here is the translation defined by : x — > x+e k , 
PC is the map p^ : x — > C,x and a is the Frobenius map; this proves p G FG. 
Finally, if j ^ 1 we have: / ; s = and C,a-Qe k = (3 qJ - e tq3 . As 

C = e l for some / G {1, . . .,q n — 2}, we gain: 

So there is u G {1, . . ., q n } such that a - e l (3 qJ = e v and e h = e v + e tqj ~ l . 
Permutation p is: 

p(t) = { H = tq j -l + f v (s) ifi = l,2,...,<f -1 
\ it = v if t = — oo 

where e H = e tqJ ~ l + e v and f v {e) depends on the representation of ¥ q n. 
Concluding p = r v pQ-\a^ . Clearly in all cases p € FG. □ 

Corollary 3.8. Let H a and Hp be parity-check matrices for Goppa codes 
C(a) and C{(3). If there exists a permutation p G S q n, such that p(H a ) = 
QHp, for same G ¥ q n, Q ^ 0, then p G F . 



4 Maximal subgroups 

The action of ATL(1, q n ) does not reach the exact number of non-equivalent 
maximal Goppa codes. So we look for maximal subgroups of S q n containing 
a fixed ATL{l,q n ) = FG. 

Theorem 4.1 Q5J). A maximal subgroup of S q n is one of the following: 
1. intransitive, x Si, k + I = q T ' 



transitive imprimitive: the wreath product Sk Wr Si in the standard 
action, kl = q n ; 

3. primitive non-basic, the wreath product Sk Wr Si in the product action, 
k l =q n ,k^ 2; 

4. affine AGL{d,p),p d = q n ; 

5. diagonal, T k ,{Out{T) x S^), T non abelian simple, |T| fe_1 = q n ; here 
Out{T) denotes, as usual, the factor group Au ^ T > . 



8 



6. almost simple, that is an automorphism group G of a finite non abelian 
simple group S , S < G < Aut(S). 

A maximal subgroup of the alternating group is the intersection of one of 
these groups with the alternating group. 

Remark 4.2. We explicitly observe that for p even, d > 3, the group AGL(d, p) 
is actually contained in the alternating group A p d. It is sufficient to real- 
ize that, in this case, the translations are product of 2 d ~ 1 cycles of length 
2, as well as the transvections are product of 2 d ~ 2 cycles of length 2. As 
the transvections generate the general linear group GL(p,2), AGL(p,2) is 
contained in A 2 a- 

Proposition 4.3. FG is contained in A q n if and only if q is even. 
Proof. The thesis follows from the following result. 

Claim 4.4. \1J$ Let X be a primitive permutation group of degree n. Then 
X contains an abelian regular subgroup G if and only if either 

i) X < AGL(d,p), where p is a prime, d > 1 and n = p d ; or 

ii) X = {fx x . . . x fi) ■ O ■ P, G = Gi x . . . x Gi where n = m l ,l>\, 
d < fi, with \G i \ = m,f 1 ^...^fi,0< Out(Ti) x . . . x Out(Ti), P 
is a transitive permutation group of degree I and one of the following 
holds: 

(a) (f u Gi) = (P5 , L(2,ll),Zn), (Mn.Zn), (M 12 ,Z 2 2 xZ 3 ), (M 23 ,Z 23 ) 
(Mi are the Mathieu groups); 

(b) f% = PGL(d, q) e Gi = 1* q d_ 1 is a Singer group; 

"FT 

(c) fi = PTL(2,8) and Gi = Z 9 £ PSL(2,8); 

(d) Ti = S m or A m and Gi is an abelian group of order m. 

Take X = FG. FG contains the subgroup A of translations, A = {r e : 
x —¥ x + e}, so that FG is contained in Ns n (A) = AGL(nm,p). By the 
above remark, if p = 2, the group FG is contained in A q n. If p is odd, then 
the element fi E : x — > ex belongs to FG and it is odd, as its order is q n — 1 
(recall that an element of order q n — 1 is said a Singer cycle); this proves 
that FG (and AGL(nm,p)) is not a subgroup of A q n. □ 

Theorem 4.5. Let G = A q n if q = 2 m , G = S q n for q odd. If M is a maxi- 
mal subgroup of G containing FG, then M is isomorphic to the affine group 
AGL(nm,p) . Moreover, there is exactly one maximal subgroup containing 
FG. 
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Proof. As FG is a primitive 2-transitive group of G, a maximal subgroup 
M of S q n containing FG, is an almost simple group or it is isomorphic to 
the affine group AGL(nm,p) ([5]). In the proof of Proposition 14.31 we have 
seen that FG is contained in AGL(mn,p). We prove that it is not contained 
in an almost simple group. By contradiction, let M be an automorphism 
group of a simple non abelian group S, S < M < Aut(S). If M contains 
FG, the stabilizer of a point to in F q ™ has index q n = p nm . As S is normal 
in M, S is transitive on F g n, so that we are reduced to consider subgroups 
of prime power index in S. These were described by Guralnick and for the 
reader's sake we write the main result of jlOj . 

Claim 4.6 QlOj). Let G be a nonabelian simple group with H < G and 
[G : H] = p d = q n , p prime. One of the following holds. 

1. G = A g n and H = A q n_ i; 

2. G = PSL(s,t) and H is the stabilizer of a line or hyperplane. Then 
[G : H] = = Q n (Note s must be prime); 

3. G = PSL(2, 11) and H ^ A 5 ; 

4. G = M 23 and H = M 22 or G = M u and H = M w ; 

5. G = PSU{A,2) = PSp(4,3), H is the parabolic subgroup of index 27. 

Cases 3, 4, 5, are easily ruled out, as p mn is neither a prime number, nor 
27. Similarly, case 1 is ruled out when p is odd, as, in this case, the element 
He is odd. If p = 2, then FG is actually contained in M ~ A q n. So, we are 
left with Case 2. Here, we use Claim |4~41 X satisfies condition ii), with 

X = S = PSL{s,t), [S : H} = ^^ =p nm , 1 = 1. 
and it is easy to see that it is not the case. 

Now, we prove that there is exactly one subgroup isomorphic to AGL(nm,p) 
containing FG. 

Let q be odd: in S q n there is exactly one conjugacy class of maximal sub- 
groups of this type (see for example [E])- So, let FG < M ~ AGL(nm,p), 
where the normal subgroup of the translation of M is exactly the translation 
group A of FG (|12j). The element fj, e generates a Singer subgroup; it is 
well known that the Singer cycles are conjugated in M; from the knowledge 
of the overgroups of a Singer cycle [13], [4], one easily proves that also the 
normalizers of Singer cycles contained in M are conjugate in M. It follows 
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that if FG 9 , g £ S q n is contained in M, there exists an element m € M, 
such that FG 9 = FG m . So, if s denotes the number of the subgroups of M 
containing FG, we get: 

[ V :AV^)]= [ ^ :MM ^ W " (FG)1 ; 

now, from [T2] one gets Ns n (FG) < M, so that s = 1. 

Now, suppose g is even. FG < A q n and in yl g n the conjugacy class of S q n 
subgroups which are isomorphic to AGL(nm,p). In A q n AGL(nm,p) splits 
into two classes so that also the class of Singer cycles splits into two different 
classes. Same argument used for the odd case leads to the result. □ 
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